Information Security Analyst jobs at Nes Holdings - 102 jobs

A financial services company in San Francisco is seeking an experienced security professional to assess access controls and mentor peers in security best practices. The candidate should have over 6 years of experience in security operations and a Bachelor's degree. The role offers competitive compensation ranging from $157,000 to $200,000, along with a hybrid work model and comprehensive benefits. #J-18808-Ljbffr

"I can be myself at work." You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace. We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community. "I can influence my income." You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses. "I can lead a full life." You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success. Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love Access on-demand professional development resources that allow you to hone existing skills and learn new ones "I can succeed as a Lead AI Security Engineer at Capital Group" As aLeadAISecurity Engineer, you willbe responsible forsecuring Capital Group's enterprise AI Platforms.You willhelp enable Capital Group's AIstrategy bybuilding and/orprocuringsolutions toprotecta diverse set of enterprise AI platforms being built and deployed at Capital Group.You'llcollaborate with platformengineering, security engineering, and risk teams toensure their solutions support scalable, secureadoption of AI. Additionally,you'llbe expected toprovidementoring,advising diverse teams across the organization, andpromoting AI Securityprinciples across Capital Group. AISecurityProcurementManagements:You willprocureand/or build technical solutionsto reducethe riskof misconfiguration, exploitation, andother security issues formultipleenterprise AI platforms. Embedding Security in the AIPlatform Ecosystem:Working closely withplatform teams tointegrate securityintoeverycomponentof the AI Platform. Implementing Security Controls & "Guardrails" for GenAI:Designing, deploying, andoperatingtechnical controls to prevent misuse of AI systems.Guardrails designincludescontent filtering systems, usage policies, and safety checks that mitigate issues like prompt injection attacks, unauthorized data extraction, model bias or hallucinations, and other misuse of generative AIplatforms. AI Runtime Security:Engineer continually tests and updatestothe guardrails, replacing weaker controls with more robust solutions as threats evolve. AI Governance:You will work cross functionally with architecture and platform teams tomonitoralignment of solutions to AI Governance processes Contribute to Standards and Policies:You will providethought leadership for Information Security policies and standards for AIin collaboration with technology risk AI/Agent SME:Youwill provide AI/Agent subject matterexpertisefor AI Incidentsand Security Reviews, and helpdevelop incident response playbooks for AI-related security incidents "I am the person Capital Group is looking for." You have 8+yearsof experience in information security, application security, platform security, or penetration testing,DevSecOps, networksecurityand other security disciplines. You have experience securing AI platforms, whetherinternal AIplatforms or offerings such as CoPilot Studio, Amazon Bedrock, and/or Azure AI Gateway Proficient in Programming & ML Tool.Strong Python skillsrequired, with experience in AI/ML frameworks.Abilityto review and write ML code to implement security measures (e.g., model validation, adversarial testing) isdesired. You have5+ years of relevant professional experience ordemonstrated anequivalent level ofexpertisein security engineering, such as cloud, API, or platform security. You have3+ years of experience embedded identity, network, and encryption controls into enterprise platforms Youcaneffectively partner and collaborate with stakeholder teams. You have effective communication skills andthe abilityto outline security riskstoleadership. You are familiar with cloud and API security vendors and managed services providers. Preferred Qualifications: You have knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers You are familiar withfunctionand purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (ExamplesLangChain,LlamaIndex, etc.) You are familiar with key AI regulatory frameworks such as NIST AI RMF, MITRE ATLAS, GDPR, EU AI Act,etc You have information Security certifications (CISSP, SANS GIAC, CISA, etc.) "I can apply in less than 4 minutes." You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community. "I can learn more about Capital Group." At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people's lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 9,000 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Instagram, YouTube and Glassdoor. Southern California Base Salary Range: $179,273-$286,837San Antonio Base Salary Range: $147,378-$235,805New York Base Salary Range: $190,040-$304,064 In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings. You can learn more about our compensation and benefits here . * Temporary positions in the United States are excluded from the above mentioned compensation and benefit plans. We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

"I can be myself at work." You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace. We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community. "I can influence my income." You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses. "I can lead a full life." You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success. Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love Access on-demand professional development resources that allow you to hone existing skills and learn new ones "I can succeed as a Lead AI Security Engineer at Capital Group" As aLeadAISecurity Engineer, you willbe responsible forsecuring Capital Group's enterprise AI Platforms.You willhelp enable Capital Group's AIstrategy bybuilding and/orprocuringsolutions toprotecta diverse set of enterprise AI platforms being built and deployed at Capital Group.You'llcollaborate with platformengineering, security engineering, and risk teams toensure their solutions support scalable, secureadoption of AI. Additionally,you'llbe expected toprovidementoring,advising diverse teams across the organization, andpromoting AI Securityprinciples across Capital Group. AISecurityProcurementManagements:You willprocureand/or build technical solutionsto reducethe riskof misconfiguration, exploitation, andother security issues formultipleenterprise AI platforms. Embedding Security in the AIPlatform Ecosystem:Working closely withplatform teams tointegrate securityintoeverycomponentof the AI Platform. Implementing Security Controls & "Guardrails" for GenAI:Designing, deploying, andoperatingtechnical controls to prevent misuse of AI systems.Guardrails designincludescontent filtering systems, usage policies, and safety checks that mitigate issues like prompt injection attacks, unauthorized data extraction, model bias or hallucinations, and other misuse of generative AIplatforms. AI Runtime Security:Engineer continually tests and updatestothe guardrails, replacing weaker controls with more robust solutions as threats evolve. AI Governance:You will work cross functionally with architecture and platform teams tomonitoralignment of solutions to AI Governance processes Contribute to Standards and Policies:You will providethought leadership for Information Security policies and standards for AIin collaboration with technology risk AI/Agent SME:Youwill provide AI/Agent subject matterexpertisefor AI Incidentsand Security Reviews, and helpdevelop incident response playbooks for AI-related security incidents "I am the person Capital Group is looking for." You have 8+yearsof experience in information security, application security, platform security, or penetration testing,DevSecOps, networksecurityand other security disciplines. You have experience securing AI platforms, whetherinternal AIplatforms or offerings such as CoPilot Studio, Amazon Bedrock, and/or Azure AI Gateway Proficient in Programming & ML Tool.Strong Python skillsrequired, with experience in AI/ML frameworks.Abilityto review and write ML code to implement security measures (e.g., model validation, adversarial testing) isdesired. You have5+ years of relevant professional experience ordemonstrated anequivalent level ofexpertisein security engineering, such as cloud, API, or platform security. You have3+ years of experience embedded identity, network, and encryption controls into enterprise platforms Youcaneffectively partner and collaborate with stakeholder teams. You have effective communication skills andthe abilityto outline security riskstoleadership. You are familiar with cloud and API security vendors and managed services providers. Preferred Qualifications: You have knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers You are familiar withfunctionand purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (ExamplesLangChain,LlamaIndex, etc.) You are familiar with key AI regulatory frameworks such as NIST AI RMF, MITRE ATLAS, GDPR, EU AI Act,etc You have information Security certifications (CISSP, SANS GIAC, CISA, etc.) "I can apply in less than 4 minutes." You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community. "I can learn more about Capital Group." At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people's lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 9,000 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Instagram, YouTube and Glassdoor. Southern California Base Salary Range: $179,273-$286,837San Antonio Base Salary Range: $147,378-$235,805New York Base Salary Range: $190,040-$304,064 In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings. You can learn more about our compensation and benefits here . * Temporary positions in the United States are excluded from the above mentioned compensation and benefit plans. We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

People Drive Our Success Are you enthusiastic, highly motivated, and have a strong work ethic? If yes, come join our team! At Cathay Bank - we strive to provide a caring culture that supports your aspirations and success. We believe people are our most valuable asset and we proudly foster growth and development empowering you to achieve your professional goals. We have thrived for 60 years and persevered through many economic cycles due to our team members' drive and optimism. Together we can make a difference in the financial future of our communities. Apply today! What our team members are saying: Video Clip 1 Video Clip 2 Video Clip 3 Learn more about us at cathaybank.com GENERAL SUMMARY This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices. Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation. ESSENTIAL FUNCTIONS Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk. Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation. Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others. Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments. Reports information security risks and follows-up remediations. Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management. QUALIFICATIONS Education: College degree in Information Technology or Information Security or equivalent; Security+, SSCP, CISSP, CISM or similar information security certifications preferred. Experience: Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing. Proven experience on third-party risk management and vendor security assessments. Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required. Experience working with Vendor Risk Management (VRM) applications preferred. Skills/Ability: Proven ability to initiate and manage projects. Excellent communication and problem-solving skills. Strong inter-personal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision. OTHER DETAILS $28.84 - $33.65 / hour Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus. Cathay Bank offers its full-time employees a competitive benefits package which is a significant part of their total compensation. It is our goal to provide employees with a comprehensive benefits package to fit their needs which includes, coverage for medical insurance, dental insurance, vision insurance, life insurance, long-term disability insurance, and flexible spending accounts (FSAs), health saving account (HSA) with company contributions, voluntary coverages, and 401(k). Cathay Bank may collect personal information from potential job candidates and applicants. For more information on how we handle personal information and your applicable rights, please review our Privacy Policy. Cathay Bank is an Equal Opportunity and Affirmative Action Employer. We welcome applications for employment from all qualified candidates, regardless of race, color, ethnicity, ancestry, citizenship, gender, national origin, religion, age, sex (including pregnancy and related medical conditions, childbirth and breastfeeding), reproductive health decision-making, sexual orientation, gender identity and expression, genetic information or characteristics, disability or medical condition, military status or status as a protected veteran, or any other status protected by applicable law. Click here to view the "Know Your Rights: Workplace Discrimination is Illegal" Poster: Poster- English Poster- Spanish Poster- Chinese Traditional Poster- Chinese Simplified Cathay Bank endeavors to make **************************** to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact, Mickey Hsu, FVP, Employee Relations Manager, at or . This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. Reporting to the Senior Manager, in this role, we are seeking a highly experienced and strategic individual contributor to lead the development, implementation, and governance of our enterprise-wide Business Continuity and Disaster Recovery (BC/DR) program. This role will be responsible for ensuring organizational resilience through effective planning, risk assessment, and coordination across business units and technology teams. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking an Information Security Risk & Governance Specialist who will report to the Senior Manager. The successful candidate will be a seasoned and strategic professional who will lead the development, implementation, and oversight of our Third-Party Risk Management (TPRM) program. This senior-level individual contributor will be responsible for identifying, assessing, and mitigating risks associated with third-party relationships across the enterprise, ensuring compliance with regulatory requirements and alignment with organizational risk tolerance. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking an Information Security Risk & Governance Specialist who will report to the Senior Manager. The successful candidate will be a seasoned and strategic professional who will lead the development, implementation, and oversight of our Third-Party Risk Management (TPRM) program. This senior-level individual contributor will be responsible for identifying, assessing, and mitigating risks associated with third-party relationships across the enterprise, ensuring compliance with regulatory requirements and alignment with organizational risk tolerance. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. Reporting to the Senior Manager, in this role, we are seeking a highly experienced and strategic individual contributor to lead the development, implementation, and governance of our enterprise-wide Business Continuity and Disaster Recovery (BC/DR) program. This role will be responsible for ensuring organizational resilience through effective planning, risk assessment, and coordination across business units and technology teams. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Job Description The Governance, Risk and Compliance (GRC) Security Analyst will assume, but not be limited to, the following responsibilities: Performs security assessments to determine effectiveness of implemented security controls. Assesses the security posture of systems throughout their life cycle. Leads management on risks and actions to monitor, remediate & report via the risk register. Assists with third party and supplier risk management programs and assessments. Assists in the analysis, controls, and management of risk assessments for the BSA/AML program, Identity Theft & Red Flags and other risk assessments as Assists with outside audit and certification activities including management of security questionnaires. Designs and conducts training for computer security education and awareness programs. Work effectively with IT vendors and managed services partners. The successful candidate will possess the following education, knowledge and skillsets: B.S. or equivalent in Computer Science, Information Science & Technology, or related field. CISSP, CISA,or CISM preferred. Other information security certifications highly desired. 3+ years of experience in governance, risk, compliance, audit or information security within a regulated financial services environment. Experience in GLBA and Credit Union Compliance Working knowledge of NIST SP 800 series, ISO/IEC 27000 series, and similar standards. Excellent verbal and written communication skills. Excellent oral, written and interpersonal skills with the ability to influence and work effectively with diverse groups of peers and business partners Detail oriented with a demonstrated ability to work on multiple tasks simultaneously with strong organizational and prioritization skills Additional Information: Hybrid work schedule (Los Angeles / Southern California area) Professional office and remote work environment Standard business hours with occasional extended hours during audits or examinations We provide competitive compensation and benefits package that includes: Medical, dental, and vision insurance Life insurance 401k Retirement Plan (matching contribution=5%, immediate vesting) Paid Time Off (PTO) Paid Holidays Educational Reimbursement EOE Job Posted by ApplicantPro

The Governance, Risk and Compliance (GRC) Security Analyst will assume, but not be limited to, the following responsibilities: Performs security assessments to determine effectiveness of implemented security controls. Assesses the security posture of systems throughout their life cycle. Leads management on risks and actions to monitor, remediate & report via the risk register. Assists with third party and supplier risk management programs and assessments. Assists in the analysis, controls, and management of risk assessments for the BSA/AML program, Identity Theft & Red Flags and other risk assessments as Assists with outside audit and certification activities including management of security questionnaires. Designs and conducts training for computer security education and awareness programs. Work effectively with IT vendors and managed services partners. The successful candidate will possess the following education, knowledge and skillsets: B.S. or equivalent in Computer Science, Information Science & Technology, or related field. CISSP, CISA,or CISM preferred. Other information security certifications highly desired. 3+ years of experience in governance, risk, compliance, audit or information security within a regulated financial services environment. Experience in GLBA and Credit Union Compliance Working knowledge of NIST SP 800 series, ISO/IEC 27000 series, and similar standards. Excellent verbal and written communication skills. Excellent oral, written and interpersonal skills with the ability to influence and work effectively with diverse groups of peers and business partners Detail oriented with a demonstrated ability to work on multiple tasks simultaneously with strong organizational and prioritization skills Additional Information: Hybrid work schedule (Los Angeles / Southern California area) Professional office and remote work environment Standard business hours with occasional extended hours during audits or examinations We provide competitive compensation and benefits package that includes: Medical, dental, and vision insurance Life insurance 401k Retirement Plan (matching contribution=5%, immediate vesting) Paid Time Off (PTO) Paid Holidays Educational Reimbursement EOE

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking an Information Security Risk & Governance Specialist who will report to the Senior Manager. The successful candidate will be a seasoned and strategic professional who will lead the development, implementation, and oversight of our Third-Party Risk Management (TPRM) program. This senior-level individual contributor will be responsible for identifying, assessing, and mitigating risks associated with third-party relationships across the enterprise, ensuring compliance with regulatory requirements and alignment with organizational risk tolerance. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. Reporting to the Senior Manager, in this role, we are seeking a highly experienced and strategic individual contributor to lead the development, implementation, and governance of our enterprise-wide Business Continuity and Disaster Recovery (BC/DR) program. This role will be responsible for ensuring organizational resilience through effective planning, risk assessment, and coordination across business units and technology teams. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

This role is for a Data Protection Analyst working in the Data Discovery and Protection Program. The Analyst is responsible for supporting, developing, and enhancing the Data at Rest Protection Program for both on-premise and cloud environments. The colleague will engage with Business Units across the organization, produce metrics and documentation, and implement and support tools related to the data protection program. A successful candidate will: * Assess existing scanning program to implement cloud scanning capabilities * Assist in deployment and maintenance of data scanning tools * Partner with other groups within the organization to identify and remediate data at rest access risk. * Work with risk partners to identify controls, determine control adequacy, and identify control monitoring opportunities and areas for improvement/enhancement * Assist in collecting, analyzing, and interpreting data access information and remediate permission compliance issues based on company security standards * Discern patterns of complex threat actor behavior, communicate an understanding of current and developing Cyber threats to key stakeholders, and stay current with emerging trends and threats in the field of insider threat Qualifications Required: * Understanding of information security concepts, best practices, and regulations related to data loss prevention * Understanding of enterprise security and networking technology and how the technology relates to the prevention, detection, and response of data loss * Advanced understanding of the Microsoft Office suite (e.g., Outlook, Word, Excel, PowerPoint, etc) * Excellent verbal and written communication skills (including but not limited to: correct English usage, grammar, spelling, punctuation, vocabulary, etc.). * Ability to execute work independently and as a team member with good interpersonal skills - using tact, patience and courtesy. * Experience as a security consultant * Working knowledge of cloud topology * Knowledge of file share security and Windows ACL administration * Familiarity with the Financial Services Industry * Knowledge of varying cloud platforms * Familiarity with cloud security at major cloud service providers * Certifications: Associate of (ISC)^2, CISSP, or similar. Education: * Bachelor's degree in Information Security, Computer Science or a related field OR * Bachelor's degree in Business or other field + 3 years relevant experience * Equivalent years: BA/BA = HS + 5 years of experience Pay Transparency The salary range for this position is $97,049 - $145,574 per year. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience. We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens' paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit ************************************** . Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance. Equal Employment Opportunity Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability. Background Check Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information. Benefits We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. View Benefits Awards We've Received Age-Friendly Institute's Certified Age-Friendly Employer The Banker's US Bank of the Year Dave Thomas Foundation's Best Adoption-Friendly Workplace Disability:IN Best Places to Work for Disability Inclusion Human Rights Campaign Corporate Equality Index 100 Award

This role is for a Data Protection Analyst working in the Data Discovery and Protection Program. The Analyst is responsible for supporting, developing, and enhancing the Data at Rest Protection Program for both on-premise and cloud environments. The colleague will engage with Business Units across the organization, produce metrics and documentation, and implement and support tools related to the data protection program. A successful candidate will: Assess existing scanning program to implement cloud scanning capabilities Assist in deployment and maintenance of data scanning tools Partner with other groups within the organization to identify and remediate data at rest access risk. Work with risk partners to identify controls, determine control adequacy, and identify control monitoring opportunities and areas for improvement/enhancement Assist in collecting, analyzing, and interpreting data access information and remediate permission compliance issues based on company security standards Discern patterns of complex threat actor behavior, communicate an understanding of current and developing Cyber threats to key stakeholders, and stay current with emerging trends and threats in the field of insider threat Qualifications Required: Understanding of information security concepts, best practices, and regulations related to data loss prevention Understanding of enterprise security and networking technology and how the technology relates to the prevention, detection, and response of data loss Advanced understanding of the Microsoft Office suite (e.g., Outlook, Word, Excel, PowerPoint, etc) Excellent verbal and written communication skills (including but not limited to: correct English usage, grammar, spelling, punctuation, vocabulary, etc.). Ability to execute work independently and as a team member with good interpersonal skills - using tact, patience and courtesy. Experience as a security consultant Working knowledge of cloud topology Knowledge of file share security and Windows ACL administration Familiarity with the Financial Services Industry Knowledge of varying cloud platforms Familiarity with cloud security at major cloud service providers Certifications: Associate of (ISC)^2, CISSP, or similar. Education: Bachelor's degree in Information Security, Computer Science or a related field OR Bachelor's degree in Business or other field + 3 years relevant experience Equivalent years: BA/BA = HS + 5 years of experience Pay Transparency The salary range for this position is $97,049 - $145,574 per year. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience. We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens' paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit ************************************** .

The Cybersecurity Policy and Programs team is looking for a highly collaborative and detail-oriented Information Security Specialist supporting the execution of cybersecurity initiatives that strengthen the organization's security posture. This role is ideal for a highly organized, collaborative professional with strong writing skills, critical thinking, and a foundational understanding of cybersecurity principles. The specialist will assist with policy development, regulatory support, client assurance, and play an active role in planning and executing security awareness events. Key Responsibilities: * Policy & Program Support: Assist in drafting, editing, and maintaining cybersecurity policies, standards, and procedures. Help ensure documentation is clear, consistent, and aligned with regulatory and organizational requirements. * Inherent Risk Assessment Coordination: Support the facilitation and documentation of Information Security Business Impact Assessments by working with business units to gather and organize input. * Client & Third-Party Requests: Help prepare responses to client security questionnaires and due diligence requests, ensuring timely and accurate information delivery. * Cybersecurity Awareness: Contribute to the planning and execution of awareness campaigns, including drafting communications, coordinating logistics, and tracking engagement. This may include engaging with colleagues, facilitating sessions, and representing the security team in a visible, interactive role. * Regulatory & Audit Support: Organize and maintain documentation to support audits, assessments, and regulatory reviews. Track deliverables and follow up with stakeholders as needed. * Cyber Maturity Tracking: Assist in collecting and organizing data for cyber maturity assessments, helping to identify trends and support reporting. * Collaboration & Communication: Work closely with internal teams including Privacy, Legal, Compliance, Third Party and Risk to ensure alignment and smooth execution of the Policy and Program teams initiatives. * Documentation: Create clear, professional documentation to support transparency, accountability, and informed decision-making. Qualifications: * Bachelor's degree in Cybersecurity, Information Security, Communications, Business, or a related field (or equivalent experience). * 3+ years of experience in a cybersecurity, risk, compliance, or program support role. * Foundational understanding of cybersecurity principles, frameworks, and regulatory requirements (e.g., NIST, ISO, GLBA, FFIEC). * Excellent writing, editing, and communication skills. * Strong interpersonal and collaboration skills; able to work effectively with diverse teams and stakeholders. * Critical thinking, attention to detail, and strong organizational skills. * Experience supporting awareness or training programs is a plus. * Familiarity with GRC tools or security documentation platforms is a plus. Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance. Equal Employment Opportunity Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability. Background Check Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information. Benefits We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. View Benefits Awards We've Received Age-Friendly Institute's Certified Age-Friendly Employer The Banker's US Bank of the Year Dave Thomas Foundation's Best Adoption-Friendly Workplace Disability:IN Best Places to Work for Disability Inclusion Human Rights Campaign Corporate Equality Index 100 Award

The Cybersecurity Policy and Programs team is looking for a highly collaborative and detail-oriented Information Security Specialist supporting the execution of cybersecurity initiatives that strengthen the organization's security posture. This role is ideal for a highly organized, collaborative professional with strong writing skills, critical thinking, and a foundational understanding of cybersecurity principles. The specialist will assist with policy development, regulatory support, client assurance, and play an active role in planning and executing security awareness events. Key Responsibilities: Policy & Program Support: Assist in drafting, editing, and maintaining cybersecurity policies, standards, and procedures. Help ensure documentation is clear, consistent, and aligned with regulatory and organizational requirements. Inherent Risk Assessment Coordination: Support the facilitation and documentation of Information Security Business Impact Assessments by working with business units to gather and organize input. Client & Third-Party Requests: Help prepare responses to client security questionnaires and due diligence requests, ensuring timely and accurate information delivery. Cybersecurity Awareness: Contribute to the planning and execution of awareness campaigns, including drafting communications, coordinating logistics, and tracking engagement. This may include engaging with colleagues, facilitating sessions, and representing the security team in a visible, interactive role. Regulatory & Audit Support: Organize and maintain documentation to support audits, assessments, and regulatory reviews. Track deliverables and follow up with stakeholders as needed. Cyber Maturity Tracking: Assist in collecting and organizing data for cyber maturity assessments, helping to identify trends and support reporting. Collaboration & Communication: Work closely with internal teams including Privacy, Legal, Compliance, Third Party and Risk to ensure alignment and smooth execution of the Policy and Program teams initiatives. Documentation: Create clear, professional documentation to support transparency, accountability, and informed decision-making. Qualifications: Bachelor's degree in Cybersecurity, Information Security, Communications, Business, or a related field (or equivalent experience). 3+ years of experience in a cybersecurity, risk, compliance, or program support role. Foundational understanding of cybersecurity principles, frameworks, and regulatory requirements (e.g., NIST, ISO, GLBA, FFIEC). Excellent writing, editing, and communication skills. Strong interpersonal and collaboration skills; able to work effectively with diverse teams and stakeholders. Critical thinking, attention to detail, and strong organizational skills. Experience supporting awareness or training programs is a plus. Familiarity with GRC tools or security documentation platforms is a plus.

This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices. Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation. ESSENTIAL FUNCTIONS Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk. Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation. Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others. Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments. Reports information security risks and follows-up remediations. Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management. QUALIFICATIONS Education: College degree in Information Technology or Information Security or equivalent; Security+, SSCP, CISSP, CISM or similar information security certifications preferred. Experience: Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing. Proven experience on third-party risk management and vendor security assessments. Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required. Experience working with Vendor Risk Management (VRM) applications preferred. Skills/Ability: Proven ability to initiate and manage projects. Excellent communication and problem-solving skills. Strong inter-personal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision. OTHER DETAILS $28.84 - $33.65 / hour Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus.

Responsible for driving the development, implementation, communication, and maintenance of loan Depot's technology policies, standards and procedures that are aligned to industry standards and regulatory requirements. Ensures that loan Depot technology processes adheres to regulatory requirements, manages risks effectively, and establishes strong governance practices. Develops and implements controls, monitors compliance, and supports risk management activities. Responsibilities: * Leads the development and implementation of comprehensive cybersecurity and IT policies, standards, and guidelines. * Continuously evaluates and updates cybersecurity and IT policies to ensure they remain current and effective. * Ensures policies comply with relevant laws, regulations, and industry standards (e.g., NIST, FFIEC, GLBA, NYDFS, SOX and PCI-DSS). * Collaborates with teams, working closely with IT, legal, compliance, and other departments, to gain a deep understanding of business needs to ensure cybersecurity policies align with business objectives. * Transforms complex information and documentation into simple concepts that are easy to understand by the end-users. * Offers specialized expertise and consultation to cross-functional teams to perform framework-oriented risk assessments, identify deficiencies, generate reports, and recommends prioritized, actionable solutions to mitigate risks and enhance loan Depot's overall security posture. * Stays informed about the latest cybersecurity threats, trends, and best practices. Ensures accurate and up-to-date records of policy reviews, risk assessments, training activities, and incident responses. * Benchmarks the organization's policies against industry standards and best practices. * Develops and implements governance frameworks for cybersecurity policy management. * Monitors key performance indicators, conducts gap analysis, risk assessments and implements frameworks, as needed. Tests and monitors effectiveness of controls. * Establishes a feedback loop and analyzes metrics to continuously improve cybersecurity policies based on audit findings, incident reviews, and emerging threats. * Actively leads and supports on internal and external audits and assessments of cybersecurity policies and practices. Accountable for ensuring identified audit and assessment findings and actions are tracked to closure. * Maintains comprehensive documentation of all cybersecurity policies, procedures, and related activities. Communicates policy requirements and updates to all relevant stakeholders. * Identifies opportunities for innovation and improvement in cybersecurity policy and practice. Proposes suitable mitigation strategies and verifies the effectiveness of remediation plans Requirements: * Bachelor's Degree in Information Security, Computer Science, Information Technology, or a related field preferred. * Minimum of six (6) + years' experience working in Cybersecurity GRC, policy development, risk management, or a similar field. * Experience with GRC tools (e.g., Archer, ServiceNow, OneTrust). * Proficiency in using data analysis and reporting tools (e.g., Excel, Power BI). * Relevant certifications such as CISM and/or CISA are highly desirable. Why work for #teamloan Depot: * Competitive compensation package based on experience, skillset and overall fit for #TeamloanDepot. * Inclusive, diverse, and collaborative culture where people from all backgrounds can thrive * Work with other passionate, purposeful, and customer-centric people * Extensive internal growth and professional development opportunities including tuition reimbursement * Comprehensive benefits package including Medical/Dental/Vision * Wellness program to support both mental and physical health * Generous paid time off for both exempt and non-exempt positions About loan Depot: loan Depot (NYSE: LDI) is a digital commerce company committed to serving its customers throughout the home ownership journey. Since its launch in 2010, loan Depot has revolutionized the mortgage industry with a digital-first approach that makes it easier, faster, and less stressful to purchase or refinance a home. Today, as the nation's second largest non-bank retail mortgage lender, loan Depot enables customers to achieve the American dream of homeownership through a broad suite of lending and real estate services that simplify one of life's most complex transactions. With headquarters in Southern California and offices nationwide, loan Depot is committed to serving the communities in which its team lives and works through a variety of local, regional, and national philanthropic efforts. Base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay for this role is between $99,000 and $136,500. Your base pay will depend on multiple individualized factors, including your job-related knowledge/skills, qualifications, experience, and market location. We are an equal opportunity employer and value diversity in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

at loan Depot Responsible for driving the development, implementation, communication, and maintenance of loan Depot's technology policies, standards and procedures that are aligned to industry standards and regulatory requirements. Ensures that loan Depot technology processes adheres to regulatory requirements, manages risks effectively, and establishes strong governance practices. Develops and implements controls, monitors compliance, and supports risk management activities. Responsibilities: Leads the development and implementation of comprehensive cybersecurity and IT policies, standards, and guidelines. Continuously evaluates and updates cybersecurity and IT policies to ensure they remain current and effective. Ensures policies comply with relevant laws, regulations, and industry standards (e.g., NIST, FFIEC, GLBA, NYDFS, SOX and PCI-DSS). Collaborates with teams, working closely with IT, legal, compliance, and other departments, to gain a deep understanding of business needs to ensure cybersecurity policies align with business objectives. Transforms complex information and documentation into simple concepts that are easy to understand by the end-users. Offers specialized expertise and consultation to cross-functional teams to perform framework-oriented risk assessments, identify deficiencies, generate reports, and recommends prioritized, actionable solutions to mitigate risks and enhance loan Depot's overall security posture. Stays informed about the latest cybersecurity threats, trends, and best practices. Ensures accurate and up-to-date records of policy reviews, risk assessments, training activities, and incident responses. Benchmarks the organization's policies against industry standards and best practices. Develops and implements governance frameworks for cybersecurity policy management. Monitors key performance indicators, conducts gap analysis, risk assessments and implements frameworks, as needed. Tests and monitors effectiveness of controls. Establishes a feedback loop and analyzes metrics to continuously improve cybersecurity policies based on audit findings, incident reviews, and emerging threats. Actively leads and supports on internal and external audits and assessments of cybersecurity policies and practices. Accountable for ensuring identified audit and assessment findings and actions are tracked to closure. Maintains comprehensive documentation of all cybersecurity policies, procedures, and related activities. Communicates policy requirements and updates to all relevant stakeholders. Identifies opportunities for innovation and improvement in cybersecurity policy and practice. Proposes suitable mitigation strategies and verifies the effectiveness of remediation plans Requirements: Bachelor's Degree in Information Security, Computer Science, Information Technology, or a related field preferred. Minimum of six (6) + years' experience working in Cybersecurity GRC, policy development, risk management, or a similar field. Experience with GRC tools (e.g., Archer, ServiceNow, OneTrust). Proficiency in using data analysis and reporting tools (e.g., Excel, Power BI). Relevant certifications such as CISM and/or CISA are highly desirable. Why work for #teamloan Depot: Competitive compensation package based on experience, skillset and overall fit for #TeamloanDepot. Inclusive, diverse, and collaborative culture where people from all backgrounds can thrive Work with other passionate, purposeful, and customer-centric people Extensive internal growth and professional development opportunities including tuition reimbursement Comprehensive benefits package including Medical/Dental/Vision Wellness program to support both mental and physical health Generous paid time off for both exempt and non-exempt positions About loan Depot: loan Depot (NYSE: LDI) is a digital commerce company committed to serving its customers throughout the home ownership journey. Since its launch in 2010, loan Depot has revolutionized the mortgage industry with a digital-first approach that makes it easier, faster, and less stressful to purchase or refinance a home. Today, as the nation's second largest non-bank retail mortgage lender, loan Depot enables customers to achieve the American dream of homeownership through a broad suite of lending and real estate services that simplify one of life's most complex transactions. With headquarters in Southern California and offices nationwide, loan Depot is committed to serving the communities in which its team lives and works through a variety of local, regional, and national philanthropic efforts. Base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay for this role is between $99,000 and $136,500. Your base pay will depend on multiple individualized factors, including your job-related knowledge/skills, qualifications, experience, and market location. We are an equal opportunity employer and value diversity in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.